Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 6483fd64 by Salvatore Bonaccorso at 2021-08-07T10:18:53+02:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -3,7 +3,7 @@ CVE-2021-38159 CVE-2021-38158 RESERVED CVE-2021-38157 (** UNSUPPORTED WHEN ASSIGNED ** LeoStream Connection Broker 9.x before ...) - TODO: check + NOT-FOR-US: LeoStream Connection Broker CVE-2021-38156 RESERVED CVE-2021-38155 (OpenStack Keystone 10.x through 16.x before 16.0.2, 17.x before 17.0.1 ...) @@ -28,7 +28,7 @@ CVE-2021-38150 CVE-2021-38149 (index.php/admin/add_user in Chikitsa Patient Management System 2.0.0 a ...) NOT-FOR-US: Chikitsa Patient Management System CVE-2021-38148 (Obsidian before 0.12.12 does not require user confirmation for non-htt ...) - TODO: check + NOT-FOR-US: Obsidian CVE-2021-38147 RESERVED CVE-2021-38146 @@ -1303,35 +1303,35 @@ CVE-2021-37556 (A SQL injection vulnerability in reporting export in Centreon be CVE-2021-37555 (TX9 Automatic Food Dispenser v3.2.57 devices allow access to a shell a ...) NOT-FOR-US: TX9 Automatic Food Dispenser CVE-2021-37554 (In JetBrains YouTrack before 2021.3.21051, a user could see boards wit ...) - TODO: check + NOT-FOR-US: JetBrains CVE-2021-37553 (In JetBrains YouTrack before 2021.2.16363, an insecure PRNG was used. ...) - TODO: check + NOT-FOR-US: JetBrains CVE-2021-37552 (In JetBrains YouTrack before 2021.2.17925, stored XSS was possible. ...) - TODO: check + NOT-FOR-US: JetBrains CVE-2021-37551 (In JetBrains YouTrack before 2021.2.16363, system user passwords were ...) - TODO: check + NOT-FOR-US: JetBrains CVE-2021-37550 (In JetBrains YouTrack before 2021.2.16363, time-unsafe comparisons wer ...) - TODO: check + NOT-FOR-US: JetBrains CVE-2021-37549 (In JetBrains YouTrack before 2021.1.11111, sandboxing in workflows was ...) - TODO: check + NOT-FOR-US: JetBrains CVE-2021-37548 (In JetBrains TeamCity before 2021.1, passwords in cleartext sometimes ...) - TODO: check + NOT-FOR-US: JetBrains CVE-2021-37547 (In JetBrains TeamCity before 2020.2.4, insufficient checks during file ...) - TODO: check + NOT-FOR-US: JetBrains CVE-2021-37546 (In JetBrains TeamCity before 2021.1, an insecure key generation mechan ...) - TODO: check + NOT-FOR-US: JetBrains CVE-2021-37545 (In JetBrains TeamCity before 2021.1.1, insufficient authentication che ...) - TODO: check + NOT-FOR-US: JetBrains CVE-2021-37544 (In JetBrains TeamCity before 2020.2.4, there was an insecure deseriali ...) - TODO: check + NOT-FOR-US: JetBrains CVE-2021-37543 (In JetBrains RubyMine before 2021.1.1, code execution without user con ...) - TODO: check + NOT-FOR-US: JetBrains CVE-2021-37542 (In JetBrains TeamCity before 2020.2.3, XSS was possible. ...) - TODO: check + NOT-FOR-US: JetBrains CVE-2021-37541 (In JetBrains Hub before 2021.1.13402, HTML injection in the password r ...) - TODO: check + NOT-FOR-US: JetBrains CVE-2021-37540 (In JetBrains Hub before 2021.1.13262, a potentially insufficient CSP f ...) - TODO: check + NOT-FOR-US: JetBrains CVE-2021-37539 RESERVED CVE-2021-3666 @@ -4271,7 +4271,7 @@ CVE-2021-36211 CVE-2021-36210 RESERVED CVE-2021-36209 (In JetBrains Hub before 2021.1.13389, account takeover was possible du ...) - TODO: check + NOT-FOR-US: JetBrains CVE-2021-36208 RESERVED CVE-2021-36207 @@ -6373,7 +6373,7 @@ CVE-2021-35314 CVE-2021-35313 RESERVED CVE-2021-35312 (A vulnerability was found in CIR 2000 / Gestionale Amica Prodigy v1.7. ...) - TODO: check + NOT-FOR-US: Amica Prodigy CVE-2021-35311 RESERVED CVE-2021-35310 @@ -37734,7 +37734,7 @@ CVE-2021-22297 CVE-2021-22296 (A component of HarmonyOS 2.0 has a DoS vulnerability. Local attackers ...) NOT-FOR-US: HarmonyOS CVE-2021-22295 (A component of the HarmonyOS has a permission bypass vulnerability. Lo ...) - TODO: check + NOT-FOR-US: HarmonyOS CVE-2021-22294 (A component API of the HarmonyOS 2.0 has a permission bypass vulnerabi ...) NOT-FOR-US: HarmonyOS CVE-2021-22293 (Some Huawei products have an inconsistent interpretation of HTTP reque ...) @@ -54204,9 +54204,9 @@ CVE-2020-28090 CVE-2020-28089 RESERVED CVE-2020-28088 (An arbitrary file upload vulnerability in /jeecg-boot/sys/common/uploa ...) - TODO: check + NOT-FOR-US: jeecg-boot CMS CVE-2020-28087 (A SQL injection vulnerability in /jeecg boot/sys/dict/loadtreedata of ...) - TODO: check + NOT-FOR-US: jeecg-boot CMS CVE-2020-28086 (pass through 1.7.3 has a possibility of using a password for an uninte ...) - password-store <unfixed> (unimportant) NOTE: https://lists.zx2c4.com/pipermail/password-store/2014-March/000498.html @@ -68199,7 +68199,7 @@ CVE-2020-22332 CVE-2020-22331 RESERVED CVE-2020-22330 (Cross-Site Scripting (XSS) vulnerability in Subrion 4.2.1 via the titl ...) - TODO: check + NOT-FOR-US: Subrion CVE-2020-22329 RESERVED CVE-2020-22328 @@ -70267,17 +70267,17 @@ CVE-2020-21360 CVE-2020-21359 RESERVED CVE-2020-21358 (A cross site request forgery (CSRF) in Wage-CMS 1.5.x-dev allows attac ...) - TODO: check + NOT-FOR-US: Wage-CMS CVE-2020-21357 (A stored cross site scripting (XSS) vulnerability in /admin.php?mod=us ...) - TODO: check + NOT-FOR-US: PopojiCMS CVE-2020-21356 (An information disclosure vulnerability in upload.php of PopojiCMS 1.2 ...) - TODO: check + NOT-FOR-US: PopojiCMS CVE-2020-21355 RESERVED CVE-2020-21354 RESERVED CVE-2020-21353 (A stored cross site scripting (XSS) vulnerability in /admin/snippets.p ...) - TODO: check + NOT-FOR-US: GetSimple CMS CVE-2020-21352 RESERVED CVE-2020-21351 @@ -75682,7 +75682,7 @@ CVE-2020-18696 CVE-2020-18695 RESERVED CVE-2020-18694 (Cross Site Request Forgery (CSRF) in IgnitedCMS v1.0 allows remote att ...) - TODO: check + NOT-FOR-US: IgnitedCMS CVE-2020-18693 (Cross Site Scripting (XSS) in MineWebCMS v1.7.0 allows remote attacker ...) NOT-FOR-US: MineWebCMS CVE-2020-18692 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6483fd642e3784406ce26129fdea3b525cd2e2c1 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6483fd642e3784406ce26129fdea3b525cd2e2c1 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits